Security & Trust

Your data stays yours.

Evida is designed for regulated audit environments. Strict tenant isolation, least-privilege access, and a human-in-the-loop approval model are not optional add-ons — they are architectural fundamentals.

Data stays in your tenant

Every firm's data is isolated at the storage and compute layer. No cross-tenant access is possible. Your workbooks and documents never co-mingle with another client's environment.

Least-privilege access

Evida requests only the permissions it needs to execute a specific task. Service accounts are scoped to the minimum required surface — read-only where write is not required.

Encryption in transit and at rest

All data is encrypted in transit over TLS 1.3 and at rest using AES-256. Keys are managed per-tenant and rotated on a defined schedule. No plaintext persistence.

Never used for model training

Your audit data, documents, and findings are never used to train or fine-tune any AI model — ours or third-party. Your client data is yours alone.

Evida proposes. Your team approves every result.

Nothing in Evida is finalized without an explicit human decision. The agent surfaces findings, flags exceptions, and prepares draft workpapers — but every conclusion requires sign-off from a qualified auditor. Human judgment is not a fallback; it is the required final step.

SOC 2 Type II: In progress
ISO 27001: In progress
GDPR: Ready
Data Residency: Available
SSO / SAML: Available

Building toward certification

Built for SOC 2 & ISO 27001 — audits not yet complete.

We engineered Evida to the controls these frameworks require and mapped each one to the relevant SOC 2 Trust Services Criteria and ISO 27001:2022 Annex A control. The formal audits are still in progress, so we don't claim certification yet — but the technical foundation is already in place.

  • Secret scanning & SAST in CI
  • Code-signed releases with SBOM
  • Encryption in transit & at rest
  • Security-event audit logging
  • Local-only deployment option
  • No telemetry or usage tracking

Evida AI is not yet SOC 2 attested or ISO 27001 certified. These statements describe implemented technical controls and audit readiness, not a current certification. Detailed control documentation is available to prospects under NDA.

Your documents never leave your tenant.

Ready to evaluate Evida for your firm?